1. Field of the Invention
The present invention relates generally to computer security, and more particularly but not exclusively to methods and apparatus for performing secure computer communications.
2. Description of the Background Art
The secure socket layer (SSL) protocol is widely used in secure computer communications. The SSL protocol is based on a hierarchy of trust where one party, referred to as a “certificate authority” or CA, authenticates another party. The authenticated party becomes trustworthy to all other parties trusting its certificate authority. There is a root authority every party trusts in order to use the SSL protocol.
A digital certificate, or simply “certificate,” is a binary signature used to uniquely identify a party. Current implementations of certificate authentication require either a certain number of trusted certificate authorities or that all parties involved in the communication have access to a public white list with a coded or un-coded representation of trusted parties and their corresponding certificates. When an unknown party without a trusted authenticator needs authentication, the unknown party is treated as a certificate authority and its certificate is compared to the public white list.
The unknown party is deemed trustworthy if its certificate identifies it as being included in the public white list. Otherwise, the unknown party is deemed un-trustworthy. Although workable, the public white list system for authenticating unknown parties poses some problems including the relatively large size of the white list and the vulnerability of the white list to tampering.